WiredWX Christian Hobby Weather Tools
ANTIVIR virus on mini laptop - Page 1

Re: ANTIVIR virus on mini laptop
Hold on to your hats!

Re: ANTIVIR virus on mini laptop
ComboFix 10-08-01.01 - Devon 08/02/2010 1:01.1.2 - x86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.708 [GMT -4:00]
Running from: E:\commy.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Devon\Application Data\LoJackSetup.exe
c:\documents and settings\Devon\Local Settings\Application Data\wiaaodtmq
c:\documents and settings\Devon\Local Settings\Application Data\wiaaodtmq\ouqejpgtssd.exe

.
((((((((((((((((((((((((( Files Created from 2010-07-02 to 2010-08-02 )))))))))))))))))))))))))))))))
.

2010-08-02 02:21 . 2010-08-02 02:21 -------- d-----w- c:\program files\Copy of Citrix
2010-08-01 22:20 . 2010-08-01 22:20 -------- d-----w- c:\windows\Sun
2010-07-20 23:46 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-02 02:32 . 2010-06-28 07:07 99608 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-07-03 20:34 . 2010-03-25 20:13 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-06-14 14:31 . 2008-04-26 01:44 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-11 00:02 . 2010-06-11 00:02 -------- d-----w- c:\documents and settings\Devon\Application Data\Windows Live Writer
2010-06-09 19:28 . 2010-03-07 23:54 282 ----a-w- c:\documents and settings\Devon\Application Data\wklnhst.dat
2010-06-05 15:11 . 2010-02-23 03:37 -------- d-----w- c:\program files\Microsoft Silverlight
2010-05-29 13:51 . 2010-05-29 13:51 348160 ----a-w- c:\documents and settings\Devon\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-3548e579-n\msvcr71.dll
2010-05-29 13:51 . 2010-05-29 13:51 503808 ----a-w- c:\documents and settings\Devon\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-3548e579-n\msvcp71.dll
2010-05-29 13:51 . 2010-05-29 13:51 499712 ----a-w- c:\documents and settings\Devon\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-3548e579-n\jmc.dll
2010-05-06 10:41 . 2008-04-25 20:33 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-23 03:30 . 2010-02-23 03:30 75 --sh--r- c:\windows\CT4CET.bin
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-05-23 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-03-15 1434920]
"RTHDCPL"="RTHDCPL.EXE" [2009-03-15 17529856]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-02-15 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-02-15 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-02-15 137752]
"OA012Mon"="c:\windows\OA012Mon.exe" [2009-09-01 24576]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-02-23 149280]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2009-01-06 2289664]
"WSED"="c:\program files\WSED\WSED.exe" [2009-05-27 247080]
"BTMeter"="c:\program files\Battery Meter\BTMeter.exe" [2009-07-22 623984]
"CapsLKNotify"="c:\program files\CapsLKNotify\CapsLKNotify.exe" [2009-02-23 320808]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"wvlaunch"="c:\program files\Numedeon\Whyville Launcher\wvlaunch.exe" [2009-05-23 1120768]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-02-11 1218008]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-06-03 206064]

c:\documents and settings\Devon\Start Menu\Programs\Startup\
Nickelodeon RSS.lnk - c:\program files\Stardock\DesktopGadgets\Nickelodeon RSS\Nickelodeon RSS.exe [2010-2-22 884016]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Stardock MyColors.lnk - c:\program files\Stardock\MyColors\SDDelayedLaunch.exe [2009-6-24 10440]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-27 123904]

c:\documents and settings\Default User\Start Menu\Programs\Startup\
IconPackager.lnk - c:\program files\Stardock\MyColors\IconPackager.exe [2009-6-16 1385848]
Nickelodeon RSS.lnk - c:\program files\Stardock\DesktopGadgets\Nickelodeon RSS\Nickelodeon RSS.exe [2010-2-22 884016]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2010-02-23 03:28 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
2009-06-09 15:55 30000 ----a-w- c:\program files\Stardock\MyColors\fastload.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management

R0 EMSC;COMPAL Embedded System Control;c:\windows\system32\drivers\EMSC.sys [2/22/2010 11:23 PM 14248]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2/23/2010 12:52 AM 162816]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [5/23/2010 10:06 AM 135664]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2/23/2010 12:52 AM 1684736]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [2/22/2010 11:29 PM 143840]
S3 OA012Afx;Provides a software interface to control audio effects of OA012 camera.;c:\windows\system32\drivers\OA012Afx.sys [2/23/2010 12:52 AM 134144]
S3 OA012Ufd;Creative Camera OA012 Upper Filter Driver;c:\windows\system32\drivers\OA012Ufd.sys [2/23/2010 12:52 AM 133632]
S3 OA012Vid;Creative Camera OA012 Function Driver;c:\windows\system32\drivers\OA012Vid.sys [2/23/2010 12:52 AM 272256]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [4/25/2008 4:33 PM 14336]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - RSVP

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder

2010-08-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-23 14:06]

2010-08-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-23 14:06]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = http=127.0.0.1:5643
uInternet Settings,ProxyOverride =
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-yhkndcsj - c:\documents and settings\Devon\Local Settings\Application Data\wiaaodtmq\ouqejpgtssd.exe
HKLM-Run-LoJackForLaptops - c:\program files\absolute Software\LoJack Install\FactoryInstaller.exe
HKLM-Run-yhkndcsj - c:\documents and settings\Devon\Local Settings\Application Data\wiaaodtmq\ouqejpgtssd.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-02 01:10
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\docume~1\Devon\LOCALS~1\Temp\catchme.dll 53248 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-4173571547-3841892101-3456111933-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)
@SACL=
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(752)
c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll
c:\program files\Stardock\MyColors\fastload.dll
c:\windows\System32\BCMLogon.dll
.
Completion time: 2010-08-02 01:14:34
ComboFix-quarantined-files.txt 2010-08-02 05:14

Pre-Run: 150,324,695,040 bytes free
Post-Run: 150,695,940,096 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 60FF587D7E7D685CE086EC316D1C72D0

Re: ANTIVIR virus on mini laptop
Hi again...

Before we start with the fixes I saw that you ran combofix from the flash drive. Can you move it on to the Desktop please?

Once that's done:

Re-running ComboFix to remove infections:

  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:

    File::
    c:\docume~1\Devon\LOCALS~1\Temp\catchme.dll

    DDS::
    uInternet Settings,ProxyServer = http=127.0.0.1:5643
    uInternet Settings,ProxyOverride =
  4. Save this as CFScript.txt, in the same location as ComboFix.exe

    [image: Cfscriptb4]

  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.
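The log posted above and the CFScript procedure in this reply, as an added example that is not part of the original thread and not ComboFix's own code: a small Python triage script that reads a pasted ComboFix log, flags the indicators the helper acted on (the random-named autorun under Local Settings\Application Data, Security Center monitoring set to DisableMonitoring=1, a firewall profile with EnableFirewall=0, an IE ProxyServer pointing at 127.0.0.1, and files catchme reports as hidden) and then renders the File:: and DDS:: sections of a CFScript in the layout shown above. The embedded sample log is a constructed excerpt of the first log in this thread; the indicator names, the eight-letter random-name threshold and the function names triage/build_cfscript are this example's own, and the Run entries ComboFix already removed under ORPHANS REMOVED are reported only, since the thread shows no CFScript directive for them.

```python
"""Triage of a ComboFix log for the indicators this thread turns on.

Added example, not ComboFix's own code. It walks the REGEDIT4 "Reg Loading
Points" section and the supplementary/catchme sections of a pasted log and
reports: autoruns under a per-user writable folder with random names, Security
Center monitoring switched off, a Windows Firewall profile disabled, an IE
proxy that points back at the local machine, and files catchme listed as
hidden. It then renders the File:: and DDS:: sections of a CFScript in the
layout the helper posted. Indicator names and thresholds are this example's own.
"""
import re

# Constructed sample: lines copied from the first ComboFix log in this thread,
# trimmed to what the triage reads. A real run would pass the whole log text.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-05-23 39408]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

uInternet Settings,ProxyServer = http=127.0.0.1:5643
uInternet Settings,ProxyOverride =

HKCU-Run-yhkndcsj - c:\documents and settings\Devon\Local Settings\Application Data\wiaaodtmq\ouqejpgtssd.exe
HKLM-Run-LoJackForLaptops - c:\program files\absolute Software\LoJack Install\FactoryInstaller.exe

scanning hidden files ...

c:\docume~1\Devon\LOCALS~1\Temp\catchme.dll 53248 bytes executable

scan completed successfully
hidden files: 1
"""

# Autorun whose folder and .exe are both random lowercase names under a
# location any user can write to (the pattern of the wiaaodtmq entry above).
AUTORUN_PATH = re.compile(
    r"(?i)\\(?:Local Settings\\Application Data|Application Data|Temp)\\([^\\]+)\\([^\\]+\.exe)")
RANDOM_NAME = re.compile(r"^[a-z]{8,}$")          # case-sensitive on purpose
FULL_PATH = re.compile(r"(?i)[a-z]:\\.*?\.exe")
DISABLE_MON = re.compile(r'(?i)"DisableMonitoring"\s*=\s*dword:0*1$')
FW_OFF = re.compile(r'"EnableFirewall"\s*=\s*0\b')
LOCAL_PROXY = re.compile(r"(?i)ProxyServer\s*=.*\b(?:127\.0\.0\.1|localhost)\b")
PROXY_SETTING = re.compile(r"(?i)^u?Internet Settings,Proxy")
HIDDEN_FILE = re.compile(r"(?i)^(?P<path>[a-z]:\\\S.*?)\s+(?P<size>\d+) bytes\b")


def triage(log_text):
    """Return a list of {"kind", "detail", "line"} dicts, one per indicator."""
    found = []
    key = ""          # current [REGEDIT4] key, lower-cased for matching
    key_name = ""     # its last path component, original case, for the report
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()
            key_name = line[1:-1].rsplit("\\", 1)[-1]
            continue
        m = AUTORUN_PATH.search(line)
        if m and RANDOM_NAME.match(m.group(1)) and RANDOM_NAME.match(m.group(2)[:-4]):
            path = FULL_PATH.search(line)
            found.append({"kind": "suspicious_autorun",
                          "detail": path.group(0) if path else m.group(0), "line": line})
        if "security center\\monitoring" in key and DISABLE_MON.match(line):
            found.append({"kind": "security_center_muted", "detail": key_name, "line": line})
        if "firewallpolicy" in key and FW_OFF.match(line):
            found.append({"kind": "firewall_off", "detail": key_name, "line": line})
        if LOCAL_PROXY.search(line):
            found.append({"kind": "local_proxy",
                          "detail": line.split("=", 1)[1].strip(), "line": line})
        elif PROXY_SETTING.match(line):
            found.append({"kind": "proxy_setting", "detail": line, "line": line})
        m = HIDDEN_FILE.match(line)
        if m:
            found.append({"kind": "hidden_file", "detail": m.group("path"), "line": line})
    return found


def build_cfscript(found):
    """Render File:: and DDS:: sections in the layout used in this thread.

    Hidden files go under File::. The IE proxy lines go under DDS:: only when
    the ProxyServer points at the local machine, and ProxyOverride travels
    with it so both values are reset together.
    """
    files = [i["detail"] for i in found if i["kind"] == "hidden_file"]
    proxy_lines = [i["line"] for i in found if i["kind"] in ("local_proxy", "proxy_setting")]
    sections = []
    if files:
        sections.append("File::\n" + "\n".join(files))
    if any(i["kind"] == "local_proxy" for i in found):
        sections.append("DDS::\n" + "\n".join(proxy_lines))
    return "\n\n".join(sections) + ("\n" if sections else "")


def report(found):
    """One summary line per indicator: kind, then the path or key it hit."""
    return ["%-22s %s" % (i["kind"], i["detail"]) for i in found]


if __name__ == "__main__":
    hits = triage(SAMPLE_LOG)
    print("\n".join(report(hits)))
    print()
    print(build_cfscript(hits))
```

Run it as a script to see the report and the generated CFScript for the embedded sample, or call triage() on the text of a saved C:\ComboFix.txt. A ProxyServer that points at the loopback address with ProxyOverride emptied routes every browser request through a process on the infected machine, which is why those two lines belong in DDS:: together.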

Re: ANTIVIR virus on mini laptop
Hi, hope you are still there! I copied the above and dragged it over to the ComboFix.exe. When it is finished, I'll post the contents of the log in my next reply.

Re: ANTIVIR virus on mini laptop
ComboFix 10-08-01.01 - Devon 08/02/2010 8:17.3.2 - x86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.703 [GMT -4:00]
Running from: c:\documents and settings\Devon\Desktop\commy.exe
Command switches used :: c:\documents and settings\Devon\Desktop\CFScript.txt
AV: McAfee VirusScan *On-access scanning disabled* (Outdated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

FILE ::
"c:\docume~1\Devon\LOCALS~1\Temp\catchme.dll"
.

((((((((((((((((((((((((( Files Created from 2010-07-02 to 2010-08-02 )))))))))))))))))))))))))))))))
.

2010-08-02 02:21 . 2010-08-02 02:21 -------- d-----w- c:\program files\Copy of Citrix
2010-08-01 22:20 . 2010-08-01 22:20 -------- d-----w- c:\windows\Sun
2010-07-20 23:46 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-02 02:32 . 2010-06-28 07:07 99608 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-07-03 20:34 . 2010-03-25 20:13 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-06-14 14:31 . 2008-04-26 01:44 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-11 00:02 . 2010-06-11 00:02 -------- d-----w- c:\documents and settings\Devon\Application Data\Windows Live Writer
2010-06-09 19:28 . 2010-03-07 23:54 282 ----a-w- c:\documents and settings\Devon\Application Data\wklnhst.dat
2010-06-05 15:11 . 2010-02-23 03:37 -------- d-----w- c:\program files\Microsoft Silverlight
2010-05-29 13:51 . 2010-05-29 13:51 348160 ----a-w- c:\documents and settings\Devon\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-3548e579-n\msvcr71.dll
2010-05-29 13:51 . 2010-05-29 13:51 503808 ----a-w- c:\documents and settings\Devon\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-3548e579-n\msvcp71.dll
2010-05-29 13:51 . 2010-05-29 13:51 499712 ----a-w- c:\documents and settings\Devon\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-3548e579-n\jmc.dll
2010-05-06 10:41 . 2008-04-25 20:33 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-23 03:30 . 2010-02-23 03:30 75 --sh--r- c:\windows\CT4CET.bin
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-05-23 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-03-15 1434920]
"RTHDCPL"="RTHDCPL.EXE" [2009-03-15 17529856]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-02-15 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-02-15 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-02-15 137752]
"OA012Mon"="c:\windows\OA012Mon.exe" [2009-09-01 24576]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-02-23 149280]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2009-01-06 2289664]
"WSED"="c:\program files\WSED\WSED.exe" [2009-05-27 247080]
"BTMeter"="c:\program files\Battery Meter\BTMeter.exe" [2009-07-22 623984]
"CapsLKNotify"="c:\program files\CapsLKNotify\CapsLKNotify.exe" [2009-02-23 320808]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"wvlaunch"="c:\program files\Numedeon\Whyville Launcher\wvlaunch.exe" [2009-05-23 1120768]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-02-11 1218008]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-06-03 206064]

c:\documents and settings\Devon\Start Menu\Programs\Startup\
Nickelodeon RSS.lnk - c:\program files\Stardock\DesktopGadgets\Nickelodeon RSS\Nickelodeon RSS.exe [2010-2-22 884016]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Stardock MyColors.lnk - c:\program files\Stardock\MyColors\SDDelayedLaunch.exe [2009-6-24 10440]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-27 123904]

c:\documents and settings\Default User\Start Menu\Programs\Startup\
IconPackager.lnk - c:\program files\Stardock\MyColors\IconPackager.exe [2009-6-16 1385848]
Nickelodeon RSS.lnk - c:\program files\Stardock\DesktopGadgets\Nickelodeon RSS\Nickelodeon RSS.exe [2010-2-22 884016]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2010-02-23 03:28 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
2009-06-09 15:55 30000 ----a-w- c:\program files\Stardock\MyColors\fastload.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management

R0 EMSC;COMPAL Embedded System Control;c:\windows\system32\drivers\EMSC.sys [2/22/2010 11:23 PM 14248]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2/23/2010 12:52 AM 162816]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [5/23/2010 10:06 AM 135664]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2/23/2010 12:52 AM 1684736]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [2/22/2010 11:29 PM 143840]
S3 OA012Afx;Provides a software interface to control audio effects of OA012 camera.;c:\windows\system32\drivers\OA012Afx.sys [2/23/2010 12:52 AM 134144]
S3 OA012Ufd;Creative Camera OA012 Upper Filter Driver;c:\windows\system32\drivers\OA012Ufd.sys [2/23/2010 12:52 AM 133632]
S3 OA012Vid;Creative Camera OA012 Function Driver;c:\windows\system32\drivers\OA012Vid.sys [2/23/2010 12:52 AM 272256]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [4/25/2008 4:33 PM 14336]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - RSVP

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder

2010-08-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-23 14:06]

2010-08-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-23 14:06]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = iexplore
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-02 08:21
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-4173571547-3841892101-3456111933-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)
@SACL=
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(752)
c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll
c:\program files\Stardock\MyColors\fastload.dll
c:\windows\System32\BCMLogon.dll

- - - - - - - > 'explorer.exe'(540)
c:\windows\system32\WININET.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\ieframe.dll
.
Completion time: 2010-08-02 08:23:05
ComboFix-quarantined-files.txt 2010-08-02 12:23
ComboFix2.txt 2010-08-02 05:49
ComboFix3.txt 2010-08-02 05:14

Pre-Run: 150,705,831,936 bytes free
Post-Run: 150,697,418,752 bytes free

- - End Of File - - 54B0F0FCB8DB47AF066A813C53D4ECFD

Re: ANTIVIR virus on mini laptop
Hi,

I'm currently on vacation so my reply time will be limited until Monday. How are things running now?
